SSL vulnerability revealed as major issue; forced release of iOS patch

updated 04:15 pm EST, Sun February 23, 2014

OS X said to be vulnerable to same style of attack, patch to come

On February 21, Apple released a patch for iOS bringing iOS 7 and 6 to versions 7.06 and 6.16 (respectively), with little fanfare as to why the patch was issued. However, it now appears to have had more to it than a simple fix to SSL connections. The release notes mentioned a Secure Sockets Layer (SSL) vulnerability for "an attacker with a privileged network," meaning that a flaw in the SSL implementation could conceivably allow for a "man-in-the-middle" attack, as uncovered by ZDNet.

The patch fixes a vulnerability that was keeping the system from doing SSL/TLS hostname checks, leaving communications unencrypted that were meant to be encrypted. The flaw could leave data such as passwords and personal information open to interception by someone on the same network who was using software to decode transmissions. In ZDNet's report, "the vulnerability allows anyone with a certificate signed by a 'trusted CA' to do a man-in-the-middle (MITM) attack." The flaw could very well be how the NSA claimed to be able to spy on iOS devices in the past, though there is no firm evidence of that -- or of any significant use of the loophole -- thus far.

Phil Plait of Slate has noted that the patch itself has also caused problems, and is said to have "bricked" several Apple devices for some users, including issues which he documented with his own iPad 2.

OS X has apparently also been open to a similar flaw, possibly for several months, perhaps even dating back to version 10.7. In a statement to Reuters on Saturday, Apple spokeswoman Trudy Muller said that the company is "aware of this issue, and already have a software fix that will be released very soon." No official date has been announced, though it should be noted that there have also been no reports of system compromises that can be tied to this bug thus far. In the meantime, Mac users may wish to tread carefully when engaging in sensitive activities on public Wi-Fi networks until the update for OS X is released.

by MacNN Staff



  1. Mechanic

    Fresh-Faced Recruit

    Joined: 12-11-11

    Forced my ass. It was coming out because of the bug; no one forced Apple to do anything.
    No news here. Yawn! Move on.

  1. Sebastien

    Registered User

    Joined: 04-29-00

    It was reported by developers. To not publish it ASAP would be borderline criminal.

  1. Grendelmon

    Senior User

    Joined: 12-26-07

    Originally Posted by Mechanic

    Forced my ass. It was coming out because of the bug; no one forced Apple to do anything.
    No news here. Yawn! Move on.

    Yeah, it's no news at all.
